Django-tastypie checking of csrf token in requests

[Rene Zelaya]

Hi everyone,

We have a REST API built using django-tastypie, which most of our users access through our web application. However, we do have users that make requests to the API programmatically (using the python 'requests' library, for example) and use an OAuth token to do so (we have already set up our Tastypie API to do this OAuth authentication).

How does Tastypie check for the csrf token, and does anybody have experience modifying the mechanism so that it does check it when users are in a session using the web application but does not require it if users are accessing programmatically AND have a valid OAuth token?

Thank you!

Rene